I'm not sure there's a good solution to this. We'd need to make some kind of DB change to actually not delete member rows, but I don't think it would really make it more secure because there are lots of similar-looking characters in unicode (or even just whatever character list is active) that could allow similar spoofing.If it is an admin account that is deleted, then the staff could put it in the prohibited usernames list (which I'm going to document).

If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).

If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.

If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.

If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.

1) Create a new deleted_users table (or other appropriate name of course).

2) on account deletion, place user name in this table. (You might want to place other auditing info like deleted_on, deleted_by_IP, deleted_by_user_ID, deleted_group_membership)

3) on account creation, after doing normal user name validations, check this table as the last step.

So this way you can actually the user details as normal and just maintain a historical list of names for added security.

As for your "but I don't think it would really make it more secure because …" comment, that type of argument can be said about a lot of small security fixes. Minor they may be, they get fixed anyway to try and plug as many holes as possible/practical.

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .

If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).

If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.

If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.

If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.